Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

What is a payment redirection scam?

Scammers send emails from a compromised email account that ask the recipient to send money to new or updated payee details of a fraudulent bank account they control.

You may think the sender is a:

  • Supplier
  • Colleague (including an executive manager or someone from your Human Resources department)
  • Real estate agent or conveyancer

However, their actual motivations are to steal your money via a fraudulent:

  • Urgent payment request
  • Invoice
  • Deposit
  • HR department request to redirect your salary

Payment redirection scams are also commonly known as business email compromise or BEC scams. Despite what the name suggests, anyone can become the target, not just businesses. It’s important to know the warning signs to help protect yourself or your business.

Signs this may be a scam

They request payment to a new account number.

Even if such requests came from someone associated with you, do not make any changes to account details until you've verbally verified the request using a phone number you sourced yourself.

A CEO, executive or senior manager requests payment to a specific account.

Pause and verify the request verbally, regardless of who the sender is or if the request is urgent.

A supplier or employee claim they haven’t received payment.

Do not make any more payments until you investigate the payment history and emails, to check if there were any requests made to amend account details.

You’re paying them for the first time.

When paying someone for the first time, such as a deposit to a real estate agent’s trust account for a property purchase, validate the request and payee details before sending money. You can do this verbally or request to pay using PayID®.

Examples of scams*

John was excited after signing a contract to purchase his first home. He’d been in contact with the real estate agent via both the phone and email since his first inspection through to organising his contracts. Now he was nearing the end of the deal, and most of their communications were via email. 

 

Per his contract, John's deposit was due within the next 48hrs. He received an email from the agent containing details of the account to pay to. He made the payment without doing any additional checks.

 

Later that day, he received a call from the agent congratulating him on the purchase and talking him through his email about the next steps. John confirmed he had already made the payment.

 

The next day the real estate agent called to advise that he had not yet received the deposit. John forwarded the email he had received, however the agent advised that this had not been sent from his office and that the bank details were incorrect.

 

John contacted the bank immediately to stop the transaction, however it had already left the bank. Although the email appeared to have come from the real estate agent’s email account, it had been compromised. The scammers had manipulated the email details, replacing the agent’s bank details with their own.

 

Attempts to recover the funds from the recipient bank were unsuccessful as the scammers had already withdrawn all funds from the account.

Tips to minimise the risk of being scammed

  • Always verbally confirm any requests for urgent or redirected payments. Always use a phone number you have on file, or a publicly sourced number. Never use contact details provided in the email.
  • Request to pay using PayID if the payee has one. PayID displays the registered payee name onscreen, so if it's not your intended recipient you will know something is possibly suspicious.
  • Register your business for PayID by using your ABN and request this is how your account is credited.
  • Use multifactor authentication and dual payment approvals where available.
  • If you have a business, train your employees regularly on how to spot payment redirection scams. Empower them to question any payment related requests and verbally verify account details are correct. Update your processes to include these steps.

What you can do if you
come across a scam

Let us know

Get support and stay in the know

  • IDCARE provides free, confidential support and guidance to those impacted by fraud, scams, identity theft or compromise. Call them toll-free on 1800 595 160 or visit idcare.org.
  • Keep up to date on scams by subscribing to the government's scam email alerts from scamwatch.gov.au/subscribe.
  • Check out our latest scams, for copies of recently reported scams at westpac.com.au/scams.

ScamSpot: a series of 2-minute bites to help spot the latest scams

PayID quick set up guide

In the Westpac App

  1. Make sure you have the latest version of the Westpac App
  2. Search for PayID, tap on it, then follow the prompts.

In Online Banking

  1. Select Service > Services > PayID/Pay to Mobile
  2. Select Register now and follow the prompts.

 

Latest Scams

To stay in the loop, and stay protected, check out our list of the latest phishing scams impersonating Westpac.

Find out more

Report a scam

If you receive any suspicious calls, emails or SMS, or notice unusual activity on your account, it’s important that you let us know.

Find out more

Security Wellbeing Check

To help keep you up to date with the latest security features, we’ve introduced the Security Wellbeing Check in the Westpac App.

Find out more

Things you should know

* Examples are based on one or more real scam reports received by Westpac. For privacy purposes real names have not been used.


PayID® is a registered trademark of NPP Australia Limited and any use of its marks by Westpac is under license.


This information is general in nature and has been prepared without taking your personal objectives, circumstances and needs into account. You should consider the appropriateness of the information to your own circumstances and, if necessary, seek appropriate professional advice.